mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-17 19:21:04 +00:00
0a8814545a
The key still won't be used for some time, two years maybe, and I've been unable to find the DNSKEY itself yet, but I think it's better to preemptively trust at least the DS already. (outdated machines, etc.)

Some evidence that it's not just a hash of *my* private key:
https://www.iana.org/dnssec/ceremonies/53-2
https://data.iana.org/ksk-ceremony/53-2/kskm-keymaster-20240426-173035-995.log
https://www.youtube.com/live/gw4PFhtnVpk?si=C8zevM3nG9O0XAJr&t=12726

I also used exactly the same root.ds in knot-resolver upstream:
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1556

- default.nix
- root.ds
- root.key
- update-root-key.sh